Mudge was responsible for early research of a security vulnerability known as a buffer overflow. In 1995, he published one of the first papers on the topic, "How to Write Buffer Overflows". He published several security advisories on vulnerabilities in Unix and was a leader in the full disclosure movement. He was the initial author of security tools L0phtCrack, AntiSniff, and l0phtwatch.

Mudge was one of the first people from the hacker community to reach out and build relationships with government and industry. In demand as a public speaker, he spoke at hacker conferences such as Defcon and academic conferences such as Usenix. Mudge has also been a member of CULT OF THE DEAD COW since 1996.

He was one of the seven L0pht members who testified before a Senate committee in 1998 that they could bring down the Internet in 30 minutes. When L0pht was acquired by @stake in 1999, he became the vice president of research and development and later chief scientist.